Forced microchip implants get under some states' skin

Ban considered in California

Ban considered in California

September 20, 2007|By Orr Shtuhl, Stateline.org

WASHINGTON - The VeriChip implantable RFID tag, made up of a microchip and an antenna encased in glass, is 12 mm long and 2 mm in diameter, about the size of a grain of rice. It would be an interesting feature of an employee's first day: sign a contract, fill out a W-2 and roll up your sleeve for your microchip injection. Sounds like sci-fi, but it's happened, and now a handful of states are making sure their citizens will never be forced to have a microchip implanted under their skin. If Gov. Arnold Schwarzenegger signs a bill passed Sept. 4, California would join Wisconsin and North Dakota in banning human implanting of these tags without consent. No one's quite sure how real a threat these forced implants might be, or why states are feeling compelled to protect their residents from being physically tagged. Lawmakers are calling the legislation pre-emptive, while the industry that produces the technology sees the states' action as fear mongering. Radio-frequency identification tags - tiny, data-storing microchips about the size of a grain of rice - are in passports, in Wal-Mart factory shipments and in subway passes in cities from New York to Taiwan. They are also in humans. On one less-than-likely episode of “Law & Order: Special Victims Unit,” a paranoid man played by Bob Saget even uses one to monitor his adulterous wife. Unlike Global Positioning System technology, which is used for constant, real-time tracking, RFID tags are scanned at close range - usually from a few feet to a few inches. The tags are tracked by scanners installed at checkpoints, such as office doors or warehouse loading docks. The systems are also commonly used in highway toll collection and as theft protection in car keys. Some uses: In humans, they have been used to store medical information, to track movement and to gain access to locked rooms. To date, 2,000 RFID chips have been sold for implantation in humans, according to VeriChip Corp., the only manufacturer with a Food and Drug Administration-approved implantable chip. The company is focusing its technology on medical patient identification, and about 400 patients, including those with Alzheimer's disease, have RFIDs implanted. Some customers are using them as high-tech keys. Ohio security firm CityWatcher.com raised eyebrows in 2006 when it requested that some of its employees be “chipped,” or implanted with tags for access to certain rooms. According to published reports, only two employees got the implants before the company dropped the program. CityWatcher.com has since shut down. But forced chipping has been a rare practice, leading some industry spokespeople to decry regulation as “scare tactics.” Other bans: Wisconsin enacted the first RFID ban in May 2006, and North Dakota in April. Colorado and Ohio have bills in committee, and Oklahoma and Florida saw theirs die last session. Except for one U.S. House proposal to use RFID tags to track prescription drugs, Congress has not widely addressed the technology. State Sen. Joe Simitian, who authored California's bill, said he first looked into RFID legislation after grade schools in Sutter County, Calif., required students to wear IDs containing the chips to help monitor attendance. The move prompted privacy complaints from parents, and the school eventually stopped using the technology. Simitian introduced four other RFID bills, dealing with criminal punishment for identity theft, security standards and use of these tags in driver's licenses and school IDs. All four proposals were originally pieces of California's Identity Information Protection Act of 2006, which passed but was vetoed by Schwarzenegger. In a statement, he recommended waiting for standards from the federal Real ID Act, a plan to organize states' driver's licenses into a national system. The governor has until Oct. 14 to sign or veto the newly passed bill. Security breach: The lack of security in the chips is particularly alarming, Simitian said, and is a major reason he thinks the state should step in with regulation. A May 2006 story in Wired Magazine featured Jonathan Westhues, a 24-year-old engineer who demonstrated how he could (and did) covertly scan a company's RFID employee badge and break into the office - all with a cheap, homemade reader. He's since posted detailed instructions on how to make the reader on his Web site. Determined to show the security flaws to skeptics in the Legislature, Simitian asked a tech-savvy grad student from his office to build one. The student then wandered the state Capitol one afternoon with the reader in his briefcase. In the process, he stole the security numbers of nine representatives. The reader could send out any of those numbers, getting him past any locked door a state senator would have access to. And he would appear as the senator in the electronic records. The technology is being embraced by a few government agencies. Both Vermont and Washington state have agreed to work with the Department of Homeland Security to test RFID driver's licenses, although they won't be required by citizens.